We’re a little fed up with OSINT tools claiming they’re the best. So, we spent some time looking at some hard facts from Github. After spending some time downloading & reviewing the top-rated OSINT tools according to Github by 1) the number of stars, 2) the number of pulls, 3) and the number of people currently contributing to the projects. If it’s one thing you can’t argue with, it’s cold-hard numbers. Finally, according to the users and software developers, you’ll see the top 10 OSINT tools by usage statistics.
For those not 100% familiar with the GitHub world…in very basic terms, it’s a software storage/version control system, predominantly for open source tools. Now, don’t get OSINT confused with open-source tools. They have nothing in common! open-source software is typically community-owned / community-developed software built by good-standing citizens for the better of the community. It uses a few terms you may not be familiar with, which are:
- Stars: The number of people who have ‘bookmarked’ a project. Giving another person’s project a star means they can follow what’s happening with the project and quickly check out updates. It can also be understood as a ‘like,’ similar to how you can like posts on social media websites, basically a virtual ‘nod of respect in the direction of that project.
- Watching: These people have set up their accounts to watch all the news and activity of that project. Any new changes, or updates, will be shown in your news feed.
- Forks: The number of other developers who have copied/downloaded the project to either use themselves or to work on to help that project.
Github Basics & our Measurements
Github is ‘the’ platform where software developers go to publish their projects for the world to see and use them. It’s used for people to collaborate, help each other, and solve programming questions. However, many developers let others use their software for free, with no catches. This is also the place where those projects go! So, in the world of open source research, penetration testing, or any other technical world where you may use software, the practitioners get their ‘cool tools’ from this place.
As you’ve probably worked out, the three main statistics for these projects are Stars, Watching, and Forks. So, we’ve spoken to the experts, sifted through the projects, and installed/played with all the top tools on Github, where they are tagged for OSINT tools. This is what we found out..starting from the number 10 and working our way to the best of the best of number one!
10) Subfinder – Last but not least
What is this? A subdomain discovery tool for websites.
Subfinder is a tool to identify their subdomains on a website, even if they are hidden. Perfect for finding hidden areas of an organization that are web facing, but something they don’t want you to know about…or are accidentally web facing!
The tool is aimed at penetration testers, but OSINT experts also use this tool a lot. It can find valid subdomains using passive online sources to find hidden online services of a website. These subdomains could be API controllers, email servers, members-only areas of membership websites, potentially anything! A very useful tool in your arsenal.
9) GHunt – 9th most used OSINT Tool
What is this? A tool for extreme OSINT of GitHub projects!
GHunt is an open-source tool that can be used to find and interact with GitHub repositories. It is a comprehensive tool that has many features. Its features include searching through a repository’s commit history and performing keyword searches. GHunt also has a feature that allows you to download data from GitHub repositories in CSV format.
GHunt can be utilized by searching for specific repositories or users or entering keywords. Once the user has found what he is looking for, he can view its issues. He can also pull requests and clone them locally. The app provides a simple user interface. It allows you to navigate through the history of commits in each repository. GHunt also allows you to see what changes have been made over time.
What is this? A literal online people tracker for OSINT.
The trap is a simple and powerful open-source research tool that allows you to gather, search and analyze data from various public sources. It possesses an intuitive interface, so it is very easy to utilize. Trap allows users to gather data from over 50 different sources and analyze them in one place.
The most impressive thing about Trape is that it’s completely free and open-source so you can modify it according to your needs.
It uses a Python-based system that makes it easy to set up on any platform. It can be run on Linux or Windows systems with little effort from the user.
What is this? An incredibly fast web crawler focused on OSINT personal details, such as names, phone numbers, emails, etc.
If you’re looking for an OSINT tool that’s easy to use and won’t require you to learn any new skills, Photon is a great option. Although it doesn’t have the same level of customization as some other programs, Photon will help you gather information from various sources and present it in one place.
It also features an intuitive and easy-to-navigate interface, enabling seamless drag-and-drop functionality. You can drag and drop your files into the program or add them manually if necessary.
All in all, Photon is a great tool for beginners. It is for those who want to learn about OSINT without learning how to code.
What is this? penetration testing scammer to find hidden assets relating to a website or company.
Amass is one of the most popular OSINT tools used by many security researchers and pen-testers. This tool allows you to search the internet for information about a person or an organization. It works by crawling various social media sites, such as Facebook and Twitter. It extracts data from these sites to provide users with this information. Amass also provides users with information about the IP addresses associated with the person or organization they are searching for.
Due to its wide array of features, it’s one of the most popular OSINT applications on Github. One of these features is its ability to extract photos from Instagram accounts. It allows users to get more information about the person they are researching by looking at pictures that may reveal personal details about them or essential events in their life. Another feature is its ability to extract exciting facts from tweets posted on Twitter accounts; this makes it easier for users to find out more about someone based on what they post online rather than having to go through all their posts manually.”
What is this? It mops up emails, subdomains, and names based on your target from public information sources.
theharvester is a tool for searching subdomains, email addresses, and names of people to find information related to the target.
It uses search engine APIs to gather data. The harvester is not a very fast tool. But it is one of the best tools for gathering information about a target. I am the command-line tool that can be used on a Linux or Windows machine.
theharvester gathers information from different sources like social media sites, search engines, the target’s website, etc. It also allows you to create custom plugins that you can use while searching for data related to your target.
What is this? In one Penetration testing toolkit.
SpiderFoot is a collection of Open Source Intelligence (OSINT) tools designed to ease information gathering. It was developed by the Italian company ReVuln and released in 2009.
SpiderFoot can gather information on companies, organizations, people, and websites. The tool supports gathering information from search engines, social networks, blogs, and forums. It also provides tools for extracting data from different file formats such as PDFs, HTML, Word documents, etc.
Another helpful feature of SpiderFoot is its ability to scan websites for vulnerabilities such as SQL Injection or Cross-site scripting (XSS). If a vulnerability is found on a website, it will notify you about it so that you can fix it before someone else exploits it.
SpiderFoot also includes a scanner for looking up email addresses from various sources like Google or LinkedIn, making it easier for users to find contact information for themselves or others.”
What is this? What this tool cant do with phone numbers is not worth thinking about!
Phoneinfoga is an open-source tool that helps you find phone numbers on the Internet. It can find more than just phone numbers; it can also find email addresses, social media accounts, and text messages.
Phoneinfoga uses the same technology as Google, which means it will search for a phone number differently depending on how you enter it. For example, if you enter a name and an area code, Phoneinfoga will search for any phone number associated with that name and area code. If you enter an area code and several digits, Phoneinfoga will search for all those numbers across the country.
Some people use this software to track criminals or people who owe them money. But it’s important to remember that some people have their privacy protected under law, and using these tools might be illegal in some countries (or at least unethical).
What is this? An osint tool for Twitter. It literally scrapes everything public from the account and presents it in a friendly format.
Twint is an OSINT tool that makes searching and analyzing Twitter data easy.
It gives you access to various data, including Tweets, users, hashtags, and more. It also provides tools to analyze that information and make it easier to find what you’re looking for.
Not only can this tool be used to analyze tweets and determine whether or not they’re fake, but it can also be used to find influencers in your industry, track events or breaking news stories on Twitter, and monitor a particular user’s activity.
Twint can use for multiple tasks, such as:
- Analyzing tweets and determining whether or not they’re fake;
- Finding influencers in your industry;
- Tracking events or breaking news stories on Twitter;
- Monitoring a particular user’s activity
1) Sherlock – Best of the best osint tool on Github
What is this? Hunt down social media accounts. A command line version of UserSearch.org. Not too familiar with command line and Python? Just use UserSearch instead.
Sherlock is a tool designed to help you with the process of gathering information about people. It’s especially useful for journalists and researchers, but it can be used by anyone who wants to find out more about someone online.
The tool uses public data from social media accounts and other sources to create profiles of people—including their location, age, gender, job title, and salary. It also includes information about people’s connections on Facebook or Twitter. You can use this information to learn more about what they’re up to online or whether they’re hiding something from you.
Sherlock can be used with other OSINT tools such as Maltego or FOCA to gather additional information about a person’s interests or connections within the community.
All in all, the best and most popular OSINT tool on GitHub by statistics is Sherlock. The tool is excellent, but you must be happy using the command line and Python basics. If you don’t fancy all that hassle, just use a similar version with an interface: UserSearch.org.
In conclusion, several OSINT tools can be used by an investigator in the digital world to gather information about a person or organization. These tools are free to use, and many analysts and investigators have used them. Some of these Github OSINT tools make it easy for users to download and use them. The most popular OSINT tools include sherlock and twint. Although, if you don’t want to do searching via the command line, try out this reverse user search tool built by UserSearch.
This write-up intended to note some of the widely popular Github OSINT tools. The goal was to help readers learn how to use these tools in their work as investigators and analysts to get more information about people or organizations they are investigating without spending too much time searching online.